2026-05-13

Blogs, AI, Tech
Ai-Assisted-Programming, Datasette, Content-Security-Policy, Ai-Agents, Codex

Simon Willison — 2026-05-13#

Highlight#

Simon’s standout experiment today demonstrates a clever UX workaround for sandboxed iframes, intercepting Content Security Policy (CSP) errors and passing them to the parent window for user approval. It is a great example of his hands-on AI-assisted programming, notably built using GPT-5.5 xhigh in the Codex desktop app.

Posts#

[CSP Allow-list Experiment] · Source This technical experiment explores how to load an app within a CSP-protected sandboxed iframe while maintaining a smooth user experience. Simon implemented a custom fetch() that catches CSP errors and passes them up to the parent window. The parent window can then prompt the user to add the blocked domain to an allow-list before refreshing the page. He built the tool using GPT-5.5 xhigh via the Codex desktop app.

Simon Willison

Blogs, AI, Tech
Html, Security, Prompt Engineering, Llms, Claude-Code, Hallucinations, Journalism, Careers, Sqlite, Coding Agents, Agentic Engineering, Generative-Ai, Llm, Datasette, Artificial Intelligence, Debugging, Marketing, Ai-Assisted-Programming, Content-Security-Policy, Ai-Agents, Codex, Vibe-Coding, Inaturalist, Tools

Simon Willison — Week of 2026-05-08 to 2026-05-15#

Highlight of the Week#

The standout development this week is Simon’s rapid adaptation to the latest frontier model capabilities, most notably releasing llm 0.32a2 to expose and visualize the new interleaved reasoning tokens of GPT-5 class models directly in the terminal. This perfectly pairs with his hands-on explorations of embedding LLM calls deeply into developer workflows, such as executing prompts via script shebangs and leveraging models to output rich HTML rather than just Markdown.